Virus Update: Possible Squishage?

Sorry for all the trouble in the past week. It appears we’ve finally identified the source of the Windows Trojan. After scouring our site content and mistakenly investigating some of the ad providers, we still couldn’t find anything. Still, reports kept coming in, so we knew it was still there. It turns out, it looks like our hosting provider’s system configuration had been compromised and was periodically serving up a page with an embedded JavaScript Trojan within a File Not Found page. The error triggering that 404 has been resolved and we’ve notified our provider. Once we hear back from them, we’ll do a final update, but for now we think we’re back to the QTE.

Windows users, please make sure your browser cache is clear if you’ve visited the site within the past week and make sure you always run good anti-malware solutions. Mac users, you’re free and clear, as usual.

If you’re still seeing problems, please email sysadmin@cutelabs.com.

Comments

  1. Could you officially let us know what the trojan name is, now that you’ve found it, so that we know what we’re scanning for?

  2. oaklandcat says:

    Ahhh… I loves the mac! As usual.

  3. Never had trublz running red-simili-panda internets

  4. According to Symantec, it’s called the Bloodhound.Exploit.109. The URL for it is here:

    http://www.symantec.com/en/uk/security_response/writeup.jsp?docid=2007-010315-5708-99

    I’ve seen other names as well, so I’d just make sure your anti-malware software is updated.

  5. I’m fine… everything is up-to-date and I run extra scans, and use Firefox and block ads and most cookies.

    How appropriate though:
    “The exploit is triggered by opening a specially-crafted QTL file.” … sounds suspiciously like Cute :)

  6. MAC RULZ :-D

    Glad to see that the problem is sorted out.

  7. When I tried to come here just a min ago, I got a warning that something was blocked.
    Says… an intrusion attempt by
    bds.invitations.fr was blocked

    This is the first time I’ve had a problem with CO the entire week though

  8. I love my MacBook. Except I really don’t want Mac to take over the interwebz because then people will start making things that can screw up Macs, too.

    Ah well… back to the QTE! Woohoo!

  9. Hurray for noscript on Firefox too.

  10. linux does not scared of viruz

  11. It’s an exploit of a bug in Apple Quicktime. Thanks for great software Steve!

  12. I picked the virus up on my work laptop and it’s showing as ‘Virtumonde’, a trojan.

  13. Annoyed cute-goer says:

    Hey people on Linux and Mac, NO ONE CARES. We know u r so speshul. Go marry your OS if you love it so much.

    I’m glad the virus is gone, and I can say it without OS elitism. Go me.

  14. And let’s all remember that with a tie and jacket, you get a job. With a Mac and bedhead, you are a slacker nobody.

    Enjoy your lack of viruses while you’re sitting around the coffee shops being smug.

  15. My anti-virus caught a trojan from your site this morning…just FYI

  16. Don’t worry my dear MacBook Pro, they’re just jealous…

  17. Hi guys,
    Congratulations! I can tell it’s fixed, because while the problem was going on, I would go to the site, it wouldn’t load, then I’d hit Refresh and the page would load, BUT the little CO duck icon no longer appeared next to the URL. I was about to tell you that symptom, but looks like you found it! I use Firefox with some adblocking software, so nothing bad happened. But, in case the URL-icon info is useful, I am passing it on for Future Reference.

    Brrrrpt! and Happy Holidays to all CO folks from Moonpie and Schwitters, our kittehs.

  18. OMG, I hav wun of dees! Dey arr cyoot…an squishable too!1!

  19. I just hit the site about 2 minutes ago and was shut down. :( I just got this laptop, I hope it’s not broken already :(

  20. yah for site fixing! i was having problems with firefox, though not just here, so i went back to safari and didn’t realize there was anything wrong.

    welcome back everyone! happy solstice, eid mubarak, merry christmas, happy hanukkah, happy kwanzaa and anything else you may be celebrating :)

  21. Mac + Firefox FTW. Thanks for the updates!

  22. We know!

  23. I have a Mac and use Safari, and when I tried to view the page this past week I got the 404 Error message… does that mean I’m compromised, or safe because Macs rock? If I saw the 404 page at all, am I in trouble?

  24. would this be why I’m getting 10 porn spams a day in my work email?

  25. use Firefox browser. IE is too dangerous.

  26. Oooh, we’ve got some Mac-haters around here. I used to be the same way, but I like ours now.

    But consider this- those ads with “PC” and “Mac,” I think that “PC” is ten times more endearing and cuter than “Mac.”

    Does anyone agree?

  27. missgirl78 says:

    So I fail at reading and didn’t check out the last post on this. Boo for me. Anyways, my scans show nothing on my computer (I don’t have a mac but I use firefox with adblock). Am I in the clear, y’think?

  28. so happy i have a mac, but my mom uses her laptop and loves the site too and she wasnt so lucky

  29. still says it wants to run ‘active x’ . dont know what that means.

  30. Erling Jacobsen says:

    Now, Linux has a cute little penguin as its mascot, Windoze has, what, Billyboy ?

    Remember, this _is_ cuteoverload, Linux fits right in :-)

  31. Pliny, I think the Mac guy is gorgeous… :)

  32. Pliny: Agreed. I love John Hodgman. :)

  33. Yeah, looks like the mac/linux folks hit a raw nerve. Sorry windows – no offense meant. The windows system is nice and all, but we just love our computers best (and you have to admit – macs are awfully cute!) :u)

    Way to find that virus – go C.O.!

  34. I luvs me Mac-y poo~

  35. Please don’t turn this into a Mac vs. Windows thing. I only posted that line so Mac users knew they had nothing to worry about.

    Windows users, don’t forget to *clear the cache* as I wrote. You’re probably still pulling in the old page that had a link to the missing file, which triggered the bug. Instructions for how to clear your cache are in the link in the post.

    Thanks,
    Sparkster

  36. I cleared MY cache and I feel sooooooo much better now!

  37. who is The Sparkster?

  38. Catrina Marlow says:

    Windows Vista info wasn’t shown…I’ve asked for it tho

  39. Sparkster is Meg’s hubby. Yay Sparky for slaying the bug!

    Now, back to TEH QTE.

  40. *smooch* Love you, MAC!

  41. Okay well first off Thanks Sparky I was having a bit of trouble this AM but as soon as I cleared the Cache everything worked beautifully.
    I will be clearing mine at home too.

    As regards MAC VS PC I love them both… oh and the actors of PC and Mac on the Commercial I too think the PC guy is adorable and the Mac guy is cute but if I meet them in person the PC guy would be who I went off on a date with.

  42. Yitzysmommie says:

    Sparkster, thanks for the viroos squishage. Somethin’ on CO was making our McAfee Protectesche mad last night. Will have my Minister of Information (aka hubby) douche the cache tonight, as that sounds too scary and geek like for little ole moi to try.

  43. I have a PC, but the virus doesn’t catch me out anyway, since the virus checker catches it every time (this time too). AntiVir rules!

  44. Wow, I’m really impressed on how far you went to make sure everyone could EASILY fix their computers! Right on! Very dedicated. Another reason why Cute Overload is the King of the Net!

  45. Nope…my little “watchdog” still barks at me every time I try to access your site via the cuteoverload.com url. It’s ok tho if I use the typepad etc. link…

  46. *pets MacBook*

    Loff.

  47. You got the bug as far as I can tell. For a week or so I’d been getting a notification that McAfee had blocked a virus, AND then a popup blocker saying that an attempt to load some Yahoo Tracker program had been blocked, and a blank screen. Then if I refreshed, I got the usual page, like normal. None of that happened today. Hurray for whoever fixed it. The people who create and distribute viruses should be thrown naked into the middle of a large group of tame city-park ducks and geese who have just been fed the last of the stale bread available. Nibbled to death, indeed.

  48. Thanks to Sparky for all your dedicated help with this little bugger!

    p.s. you and Megs make a great team. :)

  49. missgirl78 says:

    michael – who was that to? i’m super paranoid about getting viruses and had asked earlier haha

  50. This was a crazy exploit. I have to confess I’d admire how clever the crackers were who cooked this up, if they didn’t cause so much grief for so many. Our hosting provider has confirmed my suspicions, so I’ll post the full write-up for the curious at some point soon, but in the meantime be aware of the following:

    1) Many companies use caching proxies to make web browsing faster. It’s possible that if your work has a proxy, it still may contain the old page that triggers the exploit.

    2) If IE *or* Firefox asks to install something like an ActiveX control, decline it. This means you’re still getting the old page.

    3) ALWAYS run anti-malware software like Kaspersky, LinkScanner Pro, McAfee, Sophos or the numerous others out there. Them Internet tubes are dangerous.

    On duty,
    Sparkster

  51. Missgirl78,

    Unless you’re missing Flash player, there should be nothing on this site that prompts you to install an ActiveX control. In fact, that’s typically a guaranteed way to get into trouble. Unless you’re absolutely certain you know what’s being installed, decline it.

    Sparkster

  52. Molly, this is a Windows exploit, so you’re fine on your Mac. (No gloating!)

    Lewen, I highly doubt this exploit is why you’re getting 10 porn SPAMs per day.

    Peter, I use Firefox as well, but apparently this exploit hits *Windows* Firefox and Internet Explorer users equally. I guess there’s some handler plugin within Firefox that gets triggered. Can’t confirm as I’m not a Windows expert.

    Liz, when in doubt, never accept an ActiveX request. Chances are you’re asking for trouble.

  53. missgirl78 says:

    Thank you so much, Sparkster!

  54. Yay! I love both Mac and Windows, though, since for me they’re just a means to an end – to access CO!

  55. Thanks for being transparent about this and warning everyone. But don’t forget us linux users! Open source users love cuteness too!

  56. Mac. Firefox. No viruses.

    Y’all got a problem with that?

    My kids have spent the last two weeks trying to get their PC upgrades working. I’m finding it very difficult to have any love for the PC world anymore.

  57. **hugs Adblock Plus and Firefox** Both kept me safe on my Win machine. McAfee was left untroubled.

  58. Not to forget–Linux. Firefox. No viruses. Life is good. Go Tux!

  59. guineapiggin9 says:

    :( I just got a popup from my symantec protection saying that an intrusion was blocked. It appears as though the virus is still there. :( :( :(

  60. Oliver Townshend says:

    Hey Mac people – if Macs are so good, why do Symantec list Quicktime as the cause? Could it be that Apple written software is buggy too?

  61. Guineapiggin9 Be sure to clear out your cache and you should be fine

    Easy Clear Instructions are located here per Sparky.
    http://kb.iu.edu/data/ahic.html

  62. I don’t want to smush all of your Mac-loving-ness, but they do get viruses too. You should still run anti-virus software on a Mac. Now, don’t get me wrong, I loves my Mac, but they’re not as perfect as everyone seems to think. Anyway, I’m glad the site is okay now. And I totally want one of those plushies.
